package com.yun.zhong.fu.sharecenter.controller;

import com.yun.zhong.fu.sharecenter.annoation.CheckAuthorization;
import com.yun.zhong.fu.sharecenter.entity.Share;
import com.yun.zhong.fu.sharecenter.service.ShareService;
import com.yun.zhong.fu.sharecenter.utils.SharedAuditDto;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;

/**
 * @Author RenPu
 * @Date 2020/12/30 17:14
 * @Version 1.0
 * @Description:
 **/

@RestController
@RequestMapping("/admin/shares")
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class ShareAdminController {

    private final ShareService shareService;


    /**
     * 授权的解决方案：1：土方法：在每个方法里添加形参：
     * HttpServletRequest request
     * 通过request对象获取：String role = (String) request.getAttribute("role");  缺点方法过多时添加比较繁琐，以及代码的冗余，代码侵入性比较高
     * 2:通过AOP来实现
     * 1：自定义注解
     * 2：切面配置类
     * 3：在需要授权验证的方法上加入自定义注解
     *
     * @param id
     * @param sharedAuditDto
     * @return
     */
    @PutMapping("/audit/{id}")

    //表示必须用户的当前角色是admin，才会执行此方法
    @CheckAuthorization("admin")
    public Share auditById(@PathVariable Integer id, @RequestBody SharedAuditDto sharedAuditDto, Model model) {




        model.addAttribute(this.shareService.auditById(id, sharedAuditDto));

        //TODO 认证以及授权
        return this.shareService.auditById(id, sharedAuditDto);
    }


}
